CVE-2024-11138: DedeCMS friendlink_add.php unrestricted upload
First published: Tue Nov 12 2024(Updated: )
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms v6 | =5.7.116 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11138?
CVE-2024-11138 is classified as a problematic vulnerability.
How do I fix CVE-2024-11138?
To mitigate CVE-2024-11138, ensure that file upload permissions are restricted and validate all uploaded files.
What software is affected by CVE-2024-11138?
CVE-2024-11138 affects DedeCMS version 5.7.116.
Can CVE-2024-11138 be exploited remotely?
Yes, CVE-2024-11138 can be exploited remotely due to unrestricted upload capabilities.
What part of DedeCMS is impacted by CVE-2024-11138?
CVE-2024-11138 impacts the file located at /dede/uploads/dede/friendlink_add.php.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dedecms
- canonical/dedecms v6
- version/dedecms v6/5.7.116